SAN FRANCISCO — Fears that a malicious computer program dubbed "Code Red" would cripple the Internet had not materialized by Tuesday evening. The program, known as a worm, was programmed to attack server computers that manage Web sites beginning at 5 p.m. But some security analysts and federal officials warned that Code Red still may cause massive disruption over the next hours or days.
Advertisement
'Code Red' Unleashed on the Web
Advertisement
Operating like an invisible chain letter, Code Red causes infected computer systems to search for other vulnerable systems over the Internet, and in turn infects those. Experts fear that the snowballing pattern of infections might swamp the capacity of Internet service providers.
"We estimate that it will take 36 hours until maximum impact," said Chris Rouland, research director for Internet Security Systems, a company that has been monitoring the spread of the worm. "We expect to see a slow growth curve."
Federal and corporate security experts concurred.
On Monday, officials from the FBI and private industry strongly urged Web administrators to fix the software vulnerability that allows Code Red to operate. They were able to offer advance warning because the worm was programmed to remain dormant until just after midnight Tuesday Greenwich mean time (which in Pacific time was 5 p.m.), at which time it was set to propagate wildly.
An earlier version of Code Red emerged July 19 and hit an estimated 350,000 computers before becoming dormant July 20. It programmed those computers to send a torrent of electronic data to the White House Web site in an effort to overwhelm that site and cause it to shut down. The White House used technical means to fend off the attack.
The worm also caused Web server computers to deface the sites they operated, displaying the message: "Hacked by Chinese." That led to speculation that the attack was launched from China. In May, Chinese hackers defaced numerous U.S. government and corporate Web sites in response to the collision between a Chinese military jet and a U.S. surveillance plane.
The current worm does not deface Web sites. Experts say it is programmed to self-propagate through Aug. 20. From Aug. 20 to 27, it may direct an attack on the former White House Web address--but as that site has been given a new address, it will be unaffected. Beginning Aug. 28, the worm goes into a permanent inactive mode, during which it neither spreads nor attacks.
